Why I am receiving aws ExpiredToken: The security token included in the request is expired?

Question

I am trying to test a github project - https://github.com/charlottemach/cross-account-aws-iam-roles regarding terraform on aws and two accounts, assumed roles. I run this terraform scripts from my pc locally. Of course I added two profiles in .aws\config

[default]
region = eu-west-1
output = json

[profile prod]
region = eu-north-1
output = json

[profile utils]
region = eu-north-1
output = json

and .aws\credentials

[default]
aws_access_key_id = xxx
aws_secret_access_key = xxxx

[prod]
aws_access_key_id = xxx
aws_secret_access_key = xxxx

[utils]
aws_access_key_id = xxx
aws_secret_access_key = xxxx

The problem is that I am receiving errors. I can't find any solution for this issue. First I run terraform init it was executed successful and now I run terraform plan and there are errors below:

terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling 
sts:GetCallerIdentity: ExpiredToken: The security token included in the request is expired
    status code: 403, request id: xxxx-xxx



Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling 
sts:GetCallerIdentity: ExpiredToken: The security token included in the request is expired
    status code: 403, request id: xxxx-xxx

Answer 1

Terraform prioritizes environment variables over the config file. Check to make sure you don't have AWS_SECURITY_TOKEN or AWS_ACCESS_KEY_ID set in your environment.

If both of those are missing, run env TF_LOG=TRACE terraform plan. That will give an incredibly detailed log, and will let you know what authentication information you're pulling in.